netfilter: ipset: stop hash:* range iteration at end

Summary

CVE: CVE-2026-52921
State: PUBLISHED
Assigner: Linux
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2026-06-24 08:16:22 UTC
Updated: 2026-06-24 08:16:22 UTC
Description:

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ipset: stop hash:* range iteration at end

The following hash set variants:

  hash:ip,mark
  hash:ip,port
  hash:ip,port,ip
  hash:ip,port,net

iterate IPv4 ranges with a 32-bit iterator. The iterator must stop once the last address in the requested range has been processed. Advancing it once more can move the traversal state past the end of the request, so a later retry may continue from an unintended position.

Handle the iterator increment explicitly at the end of the loop and stop once the upper bound has been processed. This keeps the existing retry behaviour intact for valid ranges while preventing traversal from continuing past the original boundary.

Vendor Declared Affected Products

Source | Vendor | Product | Version | Platforms
CNA Linux Linux affected 48596a8ddc46f96afb6a2cd72787cb15d6bb01fc be75218fadea22e59c8673db212f29c681bf45bb git Not specified
CNA Linux Linux affected 48596a8ddc46f96afb6a2cd72787cb15d6bb01fc 383418c20e69f5761b6ec5238f599423f4fb77fb git Not specified
CNA Linux Linux affected 48596a8ddc46f96afb6a2cd72787cb15d6bb01fc 0d7b33ace701fe397e6e4de145f32e098178d901 git Not specified
CNA Linux Linux affected 48596a8ddc46f96afb6a2cd72787cb15d6bb01fc c281e018af98df91827d65bec00f4956c00a1b02 git Not specified
CNA Linux Linux affected 48596a8ddc46f96afb6a2cd72787cb15d6bb01fc 02f75f041a93ea045834da89cd3234f4c1d749b4 git Not specified
CNA Linux Linux affected 48596a8ddc46f96afb6a2cd72787cb15d6bb01fc 952e988163c2ab9939c3db9f0f8e77af6a1bb436 git Not specified
CNA Linux Linux affected 48596a8ddc46f96afb6a2cd72787cb15d6bb01fc 0b530efb2cc9dbdddfd49d392e3a857f0d4ce8dc git Not specified
CNA Linux Linux affected 48596a8ddc46f96afb6a2cd72787cb15d6bb01fc 0d3a282ab5f165fc207ff49ea5b6ad8f54616bd6 git Not specified
CNA Linux Linux affected 4.14 Not specified
CNA Linux Linux unaffected 4.14 semver Not specified
CNA Linux Linux unaffected 5.10.258 5.10.* semver Not specified
CNA Linux Linux unaffected 5.15.209 5.15.* semver Not specified
CNA Linux Linux unaffected 6.1.175 6.1.* semver Not specified
CNA Linux Linux unaffected 6.6.142 6.6.* semver Not specified
CNA Linux Linux unaffected 6.12.92 6.12.* semver Not specified
CNA Linux Linux unaffected 6.18.34 6.18.* semver Not specified
CNA Linux Linux unaffected 7.0.11 7.0.* semver Not specified
CNA Linux Linux unaffected 7.1 * original_commit_for_fix Not specified

References

Reference | Source | Link | Tags
git.kernel.org/stable/c/0b530efb2cc9dbdddfd49d392e3a857f0d4ce8dc 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/0d7b33ace701fe397e6e4de145f32e098178d901 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/be75218fadea22e59c8673db212f29c681bf45bb 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/c281e018af98df91827d65bec00f4956c00a1b02 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/02f75f041a93ea045834da89cd3234f4c1d749b4 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/952e988163c2ab9939c3db9f0f8e77af6a1bb436 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/383418c20e69f5761b6ec5238f599423f4fb77fb 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/0d3a282ab5f165fc207ff49ea5b6ad8f54616bd6 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis